From 4256a60705743567091e8cc6bb0a85622173cb2d Mon Sep 17 00:00:00 2001
From: Thomas Ferrandiz
Date: Mon, 1 Aug 2022 15:23:17 +0000
Subject: [PATCH] syncPodFirewallChains: loop on all NodeIp to find the pods running on a given Node

- Load PodIp in podInfo struct and use it instead of pod.ips[0].IP
---
 pkg/controllers/netpol/network_policy_controller.go | 1 +
 pkg/controllers/netpol/pod.go | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/pkg/controllers/netpol/network_policy_controller.go b/pkg/controllers/netpol/network_policy_controller.go
index fc6abb0b..5d21a213 100644
--- a/pkg/controllers/netpol/network_policy_controller.go
+++ b/pkg/controllers/netpol/network_policy_controller.go
@@ -111,6 +111,7 @@ type networkPolicyInfo struct {
 // internal structure to represent Pod
 type podInfo struct {
+ ip string
 ips []v1core.PodIP
 name string
 namespace string
diff --git a/pkg/controllers/netpol/pod.go b/pkg/controllers/netpol/pod.go
index f55a1ec9..626a29c2 100644
--- a/pkg/controllers/netpol/pod.go
+++ b/pkg/controllers/netpol/pod.go
@@ -108,7 +108,6 @@ func (npc *NetworkPolicyController) syncPodFirewallChains(networkPoliciesInfo []
 allLocalPods := make(map[string]podInfo)
 for _, nodeIP := range npc.nodeIPs {
 npc.getLocalPods(allLocalPods, nodeIP.String())
- break
 }
 
 for _, pod := range allLocalPods {
@@ -161,8 +160,7 @@ func (npc *NetworkPolicyController) setupPodNetpolRules(pod podInfo, podFwChainN
 }
 // add entries in pod firewall to run through applicable network policies
 for _, policy := range networkPoliciesInfo {
- // TODO: Take the ipv4 address, pod.ips[0] is not good
- if _, ok := policy.targetPods[pod.ips[0].IP]; !ok {
+ if _, ok := policy.targetPods[pod.ip]; !ok {
 continue
 }
 comment := "\"run through nw policy " + policy.name + "\""
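Review bot: The new `ip` field in podInfo is undocumented, and nothing at the declaration says how it relates to the `ips` slice right below it; the only place the relationship is visible is the getLocalPods hunk in pod.go, where `ip` is filled from `pod.Status.PodIP` and `ips` from `pod.Status.PodIPs`. Two fields carrying overlapping address data can drift apart if another construction site sets only one of them, so the invariant should be stated where the type is defined. A field comment such as `// ip is the pod's primary address (pod.Status.PodIP); ips holds every address (pod.Status.PodIPs).` would make that explicit for readers of setupPodNetpolRules, which keys its policy lookup on `ip` alone.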
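Review bot: The lookup `policy.targetPods[pod.ip]` in setupPodNetpolRules still matches a pod against a policy on a single address, so the limitation the removed TODO recorded ("pod.ips[0] is not good") is dropped from the code without being resolved. If `targetPods` is keyed by pod address and a dual-stack pod is targeted under the family that is not its primary `PodIP`, the `continue` skips the policy and that pod's firewall chain is built without the rule, which for a network policy controller is a fail-open rather than fail-closed outcome; this is inferred from the hunk, since the construction of `targetPods` is not shown. At minimum the caveat should stay visible, e.g. `// only the primary PodIP is matched; secondary-family addresses in pod.ips are not consulted here`, or the check should iterate over `pod.ips` and match if any address is a target. The body of setupPodNetpolRules starts and ends outside the hunk.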
@@ -305,7 +303,9 @@ func (npc *NetworkPolicyController) getLocalPods(localPods map[string]podInfo, n
 if strings.Compare(pod.Status.HostIP, nodeIP) != 0 || !isNetPolActionable(pod) {
 continue
 }
- localPods[pod.Status.PodIP] = podInfo{ips: pod.Status.PodIPs,
+ localPods[pod.Status.PodIP] = podInfo{
+ ip: pod.Status.PodIP,
+ ips: pod.Status.PodIPs,
 name: pod.ObjectMeta.Name,
 namespace: pod.ObjectMeta.Namespace,
 labels: pod.ObjectMeta.Labels}